本文主要是介绍upload-labs第四关 pass-04 htaccess绕过,希望对大家解决编程问题提供一定的参考价值,需要的开发者们随着小编来一起学习吧!
五、pass-04 htaccess绕过
源码:
$is_upload = false;
$msg = null;
if (isset($_POST['submit'])) {if (file_exists($UPLOAD_ADDR)) {$deny_ext = array(".php",".php5",".php4",".php3",".php2","php1",".html",".htm",".phtml",".pHp",".pHp5",".pHp4",".pHp3",".pHp2","pHp1",".Html",".Htm",".pHtml",".jsp",".jspa",".jspx",".jsw",".jsv",".jspf",".jtml",".jSp",".jSpx",".jSpa",".jSw",".jSv",".jSpf",".jHtml",".asp",".aspx",".asa",".asax",".ascx",".ashx",".asmx",".cer",".aSp",".aSpx",".aSa",".aSax",".aScx",".aShx",".aSmx",".cEr",".sWf",".swf");$file_name = trim($_FILES['upload_file']['name']);$file_name = deldot($file_name);//删除文件名末尾的点$file_ext = strrchr($file_name, '.');$file_ext = strtolower($file_ext); //转换为小写$file_ext = str_ireplace('::$DATA', '', $file_ext);//去除字符串::$DATA$file_ext = trim($file_ext); //收尾去空if (!in_array($file_ext, $deny_ext)) {if (move_uploaded_file($_FILES['upload_file']['tmp_name'], $UPLOAD_ADDR . '/' . $_FILES['upload_file']['name'])) {$img_path = $UPLOAD_ADDR . $_FILES['upload_file']['name'];$is_upload = true;}} else {$msg = '此文件不允许上传!';}} else {$msg = $UPLOAD_ADDR . '文件夹不存在,请手工创建!';}
}
看一下提示:
黑名单中限制了很多后缀,但是没有.htaccess,我们可以上传.htaccess文件更改apache配置
htaccess文件是Apache服务器中的一个配置文件,它负责相关目录下的网页配置。通过htaccess文件,可以帮我们实现:网页301重定向、自定义404错误页面、改变文件扩展名、允许/阻止特定的用户或者目录的访问、禁止目录列表、配置默认文档等功能。
先写一个.htaccess文件
<FilesMatch "2.jpg(即将上传的文件名)">SetHandler application/x-httpd-php</FilesMatch>这段代码的意思是把2.jpg文件当作php文件执行
上传.htaccess文件,然后再上传2.jpg图片马
这篇关于upload-labs第四关 pass-04 htaccess绕过的文章就介绍到这儿,希望我们推荐的文章对编程师们有所帮助!
